Army orders the removal of DJI drones, citing cyber security concerns
“National security risks cited”
A memo from the U.S. Army verified by Reuters advises that all operations involving DJI drones “cease all use, uninstall all DJI applications, remove all batteries/storage media and secure equipment for follow-on direction.” Further into the memo, the Army outlines the greater cyber vulnerabilities associated with DJI products, and the discontinuation covers all of the relevant DJI software and hardware.
Big data breach unmasks Bloomberg chat room users
“Almost one thousand anonymous users unmasked”
This week a London investment firm sent out a list of participants, including names and employers, of an anonymous Bloomberg chat room that had been breached sometime last month by cybercriminals. The breach is the largest for Bloomberg’s financial information firm, and led to the temporary shutdown of the metal and mining chat, among others.
Spam Rate Hits Two-Year High
“Emergence of specific malware likely to blame”
In July of this year the global spam rate skyrocketed to levels last seen in March 2015, largely due to the emergence and spread of email malware, according to Symantec. Self-spreading malware variants are the worst offenders, contributing to the 54.9% spam rate throughout the whole month.
Australian Information Commissioner commends Red Cross for data breach response
“Database backup of thousands of donors now deemed safe”
In October of 2016, many metrics relevant to thousands of donors appeared publicly online. This prompted security concerns among thousands, who feared their sensitive information had been put in jeopardy. Almost a year later in 2017, Australian Information and Privacy Commissioner Timothy Pilgrim concluded his investigation and stated that his confidence is now restored in the Red Cross and the security of its personal information stores.
Enjoy your read? Check out our other content here.
According to Goldman Sachs, the emerging global market for businesses using drones is expected to top $100 billion by 2020. Of the $100 billion, most is still driven by government, but the relatively new commercial/civil sector is estimated to own $13 billion.
The passing of the FAA’s Part 107 rule in mid-2016, which introduced safety regulations designed to minimize risks to other aircraft and people and property on the ground, led to booming commercial interest, and this year the drone ecosystem is expected to keep up the cadence.
Additional Commercial Industries on the Rise
In addition to the sectors noted above, the following industries are expected to grow their usage of drones over the next three years: Oil/Gas, Public Safety, Journalism, Customs/Border Protection, Real Estate, Utilities, Pipelines, Mining, Clean Energy and Cinematography. For the full list, read Goldman Sachs’ industry report “Drones – Reporting for Work.”
Interesting Use Cases
Using DroneDeploy and Dronifi technology, a coffee grower assessed the spread of an invasive vine 85% faster than if they had gathered Normalized Difference Vegetation Index (NDVI) imagery from a manned aircraft.
Researchers at the King Abdullah University of Science and Technology are developing a drone monitoring system that tracks floods in real time and can sound the alarm before a flash flood hits.
A Dutch engineer has created a flying defibrillator for emergency situations using drone technology.
By Kyra Tillmans (Text and Infographic)
Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: As devices and things get more connected, privacy becomes harder to achieve. Forbes points out the age of data in corporate culture and how some companies are monitoring bathroom use and healthcare data, which leaves the question of where privacy fits into all of this. Security firm Trustwave is being sued for a “woefully inadequate” forensics investigation. Symantec security researchers have identified new malware that can defeat two-factor authentication. A new phishing campaign called LostPass has found a way to mimic the actual LastPass error message and trick people into handing over their credentials.
From Medical Tests To Drones In Backyards: Is Physical Privacy Dead? – Publication: Forbes – Reporter name: Kalev Leetaru
Looking at trends in the sharing economy, companies like Uber have built an entire industry on the use of data-driven algorithms, with employment and pricing decisions based purely on the cold hard calculus of data. What might happen when this data-driven mindset reaches the world of healthcare? In the corporate pursuit of maximizing employee productivity it is not a far stretch to imagine a world in which companies use the results of all of this medical data to optimize the lives of its employees to squeeze every bit of work it can from them.
Security Firm Sued For Filing “Woefully Inadequate” Forensics Report – Publication: Ars Technica – Reporter name: Dan Goodin
A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly “woefully inadequate” forensics investigation that missed key details of a network breach and allowed credit card thieves to maintain their foothold during the course of the two-and-a-half-month investigation. The complaint provides a rare glimpse inside the confidential world of security incident response and underscores the consequences when investigations don’t have the results customers expect. As a result of the follow-on breaches, Affinity was required to obtain the second PCI forensics report from Mandiant and to pay additional assessments so banks could reissue credit cards.
Hackers Have Figured Out A Way To Defeat A Key Protection On Online Accounts – Publication: Business Insider – Reporter name: Rob Price
Two-factor authentication is an important way to help keep your online accounts safe — but it’s not perfect. It requires an extra layer of proof before anyone trying to log in gets access to an account. After the password is entered correctly, a temporary code known as a one-time password (OTP) is sent to the account owner’s smartphone. The code is then entered to complete the login process. That way, even if the user’s password is guessed, stolen, or cracked, the attacker can’t get into the account without physical access to the paired phone. But if the attacker is able to smuggle rogue software onto a user’s smartphone, they can defeat two-factor. Researchers at cybersecurity firm Symantec have discovered malware that can steal OTP codes and use this to hijack a user’s accounts. (The malware was previously reported on by The Register.)
LastPass Phishing Attack Avoids Two-Factor Authentication In Data Theft – Publication: ZDNet – Reporter name: Charlie Osborne
This system, like many others, is not invulnerable to phishing campaigns — the use of fraudulent emails and Web pages which appear legitimate, but are used solely to steal information and install malware. The LostPass phishing campaign works because “LastPass displays messages in the browser that attackers can fake,” according to the researcher. “Users can’t tell the difference between a fake LostPass message and the real thing because there is no difference,” Cassidy noted. “It’s pixel-for-pixel the same notification and login screen.”